Thursday, November 14, 2013



Risking the Company Because Security is too Expensive?

5 Cost Effective Security Program Tips for the SMB

Oftentimes business owners reach out to the IT department to secure the company. Technical security is only one part of the risk, and it is generally the most product-heavy part. This product-based approach to security leads the business owner to conclude that security is too expensive. Organizations can instead start small and grow toward a mature security program over time.
Business owners need to look at security from a holistic approach. Small to midsized organizations are challenged with regulations such as PCI, HIPAA, and the Privacy Information Act. They face the same cyber threats as larger corporations, but with a tighter budget and already overworked staff.

Below is a list that is cost effective and will get a security program started. It may seem complicated or overwhelming at first. Like the old adage "Rome wasn't built in a day," it takes time to build a security program in a small business, but if you don't protect your business, remember: "Rome was burned in a day."


TOP 5 Cheap and Easy Security for the SMB
  1. Look beyond your IT person. Security should be more than a firewall and anti-virus.
Security involves several facets:

  • Physical controls, e.g. fences, doors, locks and fire extinguishers;
  • Procedural controls, e.g. incident response processes, management oversight, security awareness and training;
  • Technical controls, e.g. user authentication (login) and logical access controls, antivirus software, firewalls;
  • Legal and regulatory or compliance controls, e.g. privacy laws, policies and clauses.
  2. Train your employees. Security awareness can be FREE. There are lots of resources out there. Trained staff will stop a problem before it gets too big.
  3. Perform vulnerability assessments at a minimum. There are cheap options out there, and if you need to be PCI compliant, the acquiring bank will often offer a program like Control Scan. Utilize the tools you have.
  4. Document what you do! Create security policies. The company probably has a shredder and people do shred, yet where is the policy?
  5. Assign responsibility to the security role. Measure and manage security; create milestones and projects. Treat this like any other project or decision in your company: assign it, track it, measure it, put a budget to it.